Things we should know about Ransomware

Ransomware is on the rise. It is easy to deploy, ultra-profitable and constantly mutating, and it’s just getting started. Here’s what it takes to understand the phenomenon.

Want to know all about ransomware and how to protect yourself from it? 

There are 3 types of ransomware

The general principle of ransomware is to manipulate or block access to data and then demand money to fix the problem. We can distinguish three types. “Scareware” takes the form of a fake utility or antivirus that claims to have detected malicious programs and demands payment in exchange for their removal. The “blocker” takes the form of an official-looking message requesting payment of a fine for illegal activity detected on your computer. In these first two cases, the operating system is probably not affected and it is possible to regain access to the data. The “encryptor” will encrypt all files and folders on the infected computer, and possibly all those on other devices connected to the network.

Most ransomware spreads via email

Most ransomware hides in an email containing an infected link (31%) or attachment (28%) that the recipient clicks on, according to Osterman Research. The recipient is all the less cautious because the sender, whose account has been hacked or whose site has been copied, is often very plausible: a bank, service provider, police, law firm… Once the attachment is opened, the attack is controlled from an external server that enters the network and blocks access to the files. Other infiltration methods include fake websites or malicious applications (24%), social networks (4%) or a good old USB stick (3%).

Ransom demands are often quite low

In the United States, one-third of ransom demands are for less than $500, according to a 2016 Osterman Research study. In fact, it is more profitable for hackers to launch massive, undifferentiated attacks than a sophisticated attack with a large sum of money at stake. A low ransom is also a way to deter the victim from undertaking in-depth investigations into the origin and veracity of the attack and to encourage them to pay up quickly. However, in 20% of cases, the ransom demand exceeds $10,000. This rate even rises to 48% in Germany, where attacks seem more targeted.


Ransomware can be purchased as a ready-to-use kit

You don’t have to be an experienced geek to embark on the blackmailing profession: you can easily obtain an attack kit on the Dark Web, the parallel Internet where all sorts of illicit businesses thrive. This is known as “ransomware as a service” (RaaS). “The Philadelphia ransomware can be purchased for $300, with a full dashboard of infected countries and machines,” says Nicolas Sterckmans, cybersecurity expert at security software publisher Malwarebytes. Some malware is even distributed for free, in exchange for a “commission” on the ransom received. This RaaS model is particularly juicy for the developer, as it multiplies attacks and minimizes risks. It also explains the very high number of attacks and their sometimes rudimentary level.

Ransomware mutates very quickly

They are called Cerber, TeslaCrypt, Crypt0L0cker, Sage or Spora. Just like viruses, new entrants are constantly appearing on the ransomware market. “In 2016, we observed more than 400 ransomware variants,” explains Nicolas Sterckmans, and they can be eradicated with ransomware removal. Cybercriminals engage in cat-and-mouse games with security specialists. “Without a regular new version, ransomware goes downhill very quickly.” After TeslaCrypt in the first quarter of 2016, it was Locky that took over, accounting for up to 70% of attacks on Windows from August to November, according to Malwarebytes. A dazzling success, but short-lived. Another ransomware, Cerber, took over: at the end of March 2017, it accounted for almost 90% of attacks.


Ransomware pays off for hackers

According to the FBI, ransomware reportedly enabled cybercriminals to collect more than $1 billion in 2016. It must be said that the method is tremendously effective: according to an IBM study, 54% of users are willing to pay more than $100 to recover their data. Among companies, the proportion is even as high as 70%, of which 20% have even agreed to spend more than $40,000, especially when it comes to financial and business data. The CryptoLocker ransomware thus shows a “success rate” of 41%, according to a study by the University of Kent (UK). For this reason, you should always use ransomware help services to avoid problems.

Retaliation threats are diversifying

On April 29, 2017, a group of hackers released 10 unreleased episodes of the Netflix series “Orange is The New Black” stolen from Larson Studios, a small post-production company. From simple data blocking to disseminating sensitive data, hackers tailor their retaliatory threats to their target. In 2016, hackers sent threatening letters to more than 100 companies asking them to pay a ransom, failing which they would be targeted in massive DDoS (service saturation) attacks. They reportedly amassed hundreds of thousands of dollars… without launching a single attack.


Bitcoin promotes ransomware

Bitcoin is by far the preferred way for hackers to get their ransom payment. “The virtual currency offers them anonymity and makes it difficult to track transactions,” IBM experts explain. The problem for hackers is that many users don’t even know what bitcoin is and how to use it. Therefore, some hackers do not hesitate to provide a detailed guide to open a bitcoin account and pay the ransom.

Employees are the preferred targets in companies

The rank-and-file employee is the ideal target for blackmailers. Supposedly less informed about security issues and above all much more numerous, 71% of them suffered an attack in the United States in 2016 according to Osterman Research, compared to 25% of senior executives. The latter are also aware of the flaw: 48% of business leaders believe that their employees do not follow cybersecurity recommendations, according to the CESIN barometer (Club of experts in information and digital security), in particular by downloading unauthorized applications or clicking on tempting commercial offers.